mmintel/gridpilot.gg
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

auth

Browse Source
This commit is contained in:
Marc Mintel
2025-12-31 19:55:43 +01:00
parent 8260bf7baf
commit 167e82a52b
66 changed files with 5124 additions and 228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
apps/api/src/domain/auth/AuthController.ts
View File

@@ -1,9 +1,10 @@
import { Controller, Get, Post, Body, Query, Inject, Res } from '@nestjs/common';
import { Public } from './Public';
import { AuthService } from './AuthService';
import { LoginParamsDTO, SignupParamsDTO, AuthSessionDTO } from './dtos/AuthDto';
import { LoginParamsDTO, SignupParamsDTO, AuthSessionDTO, ForgotPasswordDTO, ResetPasswordDTO, DemoLoginDTO } from './dtos/AuthDto';
import type { CommandResultDTO } from './presenters/CommandResultPresenter';
import type { Response } from 'express';
// ProductionGuard will be added if needed - for now we'll use environment check directly
@Public()
@Controller('auth')
@@ -47,4 +48,23 @@ export class AuthController {
): Promise<AuthSessionDTO> {
return this.authService.iracingCallback(code, state, returnTo);
}
@Post('forgot-password')
async forgotPassword(@Body() params: ForgotPasswordDTO): Promise<{ message: string; magicLink?: string }> {
return this.authService.forgotPassword(params);
}
@Post('reset-password')
async resetPassword(@Body() params: ResetPasswordDTO): Promise<{ message: string }> {
return this.authService.resetPassword(params);
}
@Post('demo-login')
async demoLogin(@Body() params: DemoLoginDTO): Promise<AuthSessionDTO> {
// Manual production check
if (process.env.NODE_ENV === 'production') {
throw new Error('Demo login is not available in production');
}
return this.authService.demoLogin(params);
}
}

81
apps/api/src/domain/auth/AuthProviders.ts
View File

@@ -4,22 +4,35 @@ import { CookieIdentitySessionAdapter } from '@adapters/identity/session/CookieI
import { LoginUseCase } from '@core/identity/application/use-cases/LoginUseCase';
import { LogoutUseCase } from '@core/identity/application/use-cases/LogoutUseCase';
import { SignupUseCase } from '@core/identity/application/use-cases/SignupUseCase';
import { ForgotPasswordUseCase } from '@core/identity/application/use-cases/ForgotPasswordUseCase';
import { ResetPasswordUseCase } from '@core/identity/application/use-cases/ResetPasswordUseCase';
import { DemoLoginUseCase } from '../../development/use-cases/DemoLoginUseCase';
import type { IdentitySessionPort } from '@core/identity/application/ports/IdentitySessionPort';
import type { IAuthRepository } from '@core/identity/domain/repositories/IAuthRepository';
import type { IMagicLinkRepository } from '@core/identity/domain/repositories/IMagicLinkRepository';
import type { IPasswordHashingService } from '@core/identity/domain/services/PasswordHashingService';
import type { IMagicLinkNotificationPort } from '@core/identity/domain/ports/IMagicLinkNotificationPort';
import type { LoginResult } from '@core/identity/application/use-cases/LoginUseCase';
import type { LogoutResult } from '@core/identity/application/use-cases/LogoutUseCase';
import type { SignupResult } from '@core/identity/application/use-cases/SignupUseCase';
import type { ForgotPasswordResult } from '@core/identity/application/use-cases/ForgotPasswordUseCase';
import type { ResetPasswordResult } from '@core/identity/application/use-cases/ResetPasswordUseCase';
import type { DemoLoginResult } from '../../development/use-cases/DemoLoginUseCase';
import type { Logger, UseCaseOutputPort } from '@core/shared/application';
import {
AUTH_REPOSITORY_TOKEN,
PASSWORD_HASHING_SERVICE_TOKEN,
USER_REPOSITORY_TOKEN,
MAGIC_LINK_REPOSITORY_TOKEN,
} from '../../persistence/identity/IdentityPersistenceTokens';
import { AuthSessionPresenter } from './presenters/AuthSessionPresenter';
import { CommandResultPresenter } from './presenters/CommandResultPresenter';
import { ForgotPasswordPresenter } from './presenters/ForgotPasswordPresenter';
import { ResetPasswordPresenter } from './presenters/ResetPasswordPresenter';
import { DemoLoginPresenter } from './presenters/DemoLoginPresenter';
import { ConsoleMagicLinkNotificationAdapter } from '@adapters/notifications/ports/ConsoleMagicLinkNotificationAdapter';
// Define the tokens for dependency injection
export { AUTH_REPOSITORY_TOKEN, USER_REPOSITORY_TOKEN, PASSWORD_HASHING_SERVICE_TOKEN };
@@ -28,9 +41,16 @@ export const IDENTITY_SESSION_PORT_TOKEN = 'IdentitySessionPort';
export const LOGIN_USE_CASE_TOKEN = 'LoginUseCase';
export const SIGNUP_USE_CASE_TOKEN = 'SignupUseCase';
export const LOGOUT_USE_CASE_TOKEN = 'LogoutUseCase';
export const FORGOT_PASSWORD_USE_CASE_TOKEN = 'ForgotPasswordUseCase';
export const RESET_PASSWORD_USE_CASE_TOKEN = 'ResetPasswordUseCase';
export const DEMO_LOGIN_USE_CASE_TOKEN = 'DemoLoginUseCase';
export const AUTH_SESSION_OUTPUT_PORT_TOKEN = 'AuthSessionOutputPort';
export const COMMAND_RESULT_OUTPUT_PORT_TOKEN = 'CommandResultOutputPort';
export const FORGOT_PASSWORD_OUTPUT_PORT_TOKEN = 'ForgotPasswordOutputPort';
export const RESET_PASSWORD_OUTPUT_PORT_TOKEN = 'ResetPasswordOutputPort';
export const DEMO_LOGIN_OUTPUT_PORT_TOKEN = 'DemoLoginOutputPort';
export const MAGIC_LINK_NOTIFICATION_PORT_TOKEN = 'MagicLinkNotificationPort';
export const AuthProviders: Provider[] = [
{
@@ -80,4 +100,65 @@ export const AuthProviders: Provider[] = [
new LogoutUseCase(sessionPort, logger, output),
inject: [IDENTITY_SESSION_PORT_TOKEN, LOGGER_TOKEN, COMMAND_RESULT_OUTPUT_PORT_TOKEN],
},
{
provide: ForgotPasswordPresenter,
useClass: ForgotPasswordPresenter,
},
{
provide: ResetPasswordPresenter,
useClass: ResetPasswordPresenter,
},
{
provide: DemoLoginPresenter,
useClass: DemoLoginPresenter,
},
{
provide: FORGOT_PASSWORD_OUTPUT_PORT_TOKEN,
useExisting: ForgotPasswordPresenter,
},
{
provide: RESET_PASSWORD_OUTPUT_PORT_TOKEN,
useExisting: ResetPasswordPresenter,
},
{
provide: DEMO_LOGIN_OUTPUT_PORT_TOKEN,
useExisting: DemoLoginPresenter,
},
{
provide: MAGIC_LINK_NOTIFICATION_PORT_TOKEN,
useFactory: (logger: Logger) => new ConsoleMagicLinkNotificationAdapter(logger),
inject: [LOGGER_TOKEN],
},
{
provide: FORGOT_PASSWORD_USE_CASE_TOKEN,
useFactory: (
authRepo: IAuthRepository,
magicLinkRepo: IMagicLinkRepository,
notificationPort: IMagicLinkNotificationPort,
logger: Logger,
output: UseCaseOutputPort<ForgotPasswordResult>,
) => new ForgotPasswordUseCase(authRepo, magicLinkRepo, notificationPort, logger, output),
inject: [AUTH_REPOSITORY_TOKEN, MAGIC_LINK_REPOSITORY_TOKEN, MAGIC_LINK_NOTIFICATION_PORT_TOKEN, LOGGER_TOKEN, FORGOT_PASSWORD_OUTPUT_PORT_TOKEN],
},
{
provide: RESET_PASSWORD_USE_CASE_TOKEN,
useFactory: (
authRepo: IAuthRepository,
magicLinkRepo: IMagicLinkRepository,
passwordHashing: IPasswordHashingService,
logger: Logger,
output: UseCaseOutputPort<ResetPasswordResult>,
) => new ResetPasswordUseCase(authRepo, magicLinkRepo, passwordHashing, logger, output),
inject: [AUTH_REPOSITORY_TOKEN, MAGIC_LINK_REPOSITORY_TOKEN, PASSWORD_HASHING_SERVICE_TOKEN, LOGGER_TOKEN, RESET_PASSWORD_OUTPUT_PORT_TOKEN],
},
{
provide: DEMO_LOGIN_USE_CASE_TOKEN,
useFactory: (
authRepo: IAuthRepository,
passwordHashing: IPasswordHashingService,
logger: Logger,
output: UseCaseOutputPort<DemoLoginResult>,
) => new DemoLoginUseCase(authRepo, passwordHashing, logger, output),
inject: [AUTH_REPOSITORY_TOKEN, PASSWORD_HASHING_SERVICE_TOKEN, LOGGER_TOKEN, DEMO_LOGIN_OUTPUT_PORT_TOKEN],
},
];

248
apps/api/src/domain/auth/AuthService.new.test.ts Normal file
View File

@@ -0,0 +1,248 @@
import { describe, expect, it, vi } from 'vitest';
import { AuthService } from './AuthService';
import { Result } from '@core/shared/application/Result';
class FakeAuthSessionPresenter {
private model: any = null;
reset() { this.model = null; }
present(model: any) { this.model = model; }
get responseModel() {
if (!this.model) throw new Error('Presenter not presented');
return this.model;
}
}
class FakeCommandResultPresenter {
private model: any = null;
reset() { this.model = null; }
present(model: any) { this.model = model; }
get responseModel() {
if (!this.model) throw new Error('Presenter not presented');
return this.model;
}
}
class FakeForgotPasswordPresenter {
private model: any = null;
reset() { this.model = null; }
present(model: any) { this.model = model; }
get responseModel() {
if (!this.model) throw new Error('Presenter not presented');
return this.model;
}
}
class FakeResetPasswordPresenter {
private model: any = null;
reset() { this.model = null; }
present(model: any) { this.model = model; }
get responseModel() {
if (!this.model) throw new Error('Presenter not presented');
return this.model;
}
}
class FakeDemoLoginPresenter {
private model: any = null;
reset() { this.model = null; }
present(model: any) { this.model = model; }
get responseModel() {
if (!this.model) throw new Error('Presenter not presented');
return this.model;
}
}
describe('AuthService - New Methods', () => {
describe('forgotPassword', () => {
it('should execute forgot password use case and return result', async () => {
const forgotPasswordPresenter = new FakeForgotPasswordPresenter();
const forgotPasswordUseCase = {
execute: vi.fn(async () => {
forgotPasswordPresenter.present({ message: 'Reset link sent', magicLink: 'http://example.com/reset?token=abc123' });
return Result.ok(undefined);
}),
};
const service = new AuthService(
{ debug: vi.fn(), info: vi.fn(), warn: vi.fn(), error: vi.fn() } as any,
{ getCurrentSession: vi.fn(), createSession: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
new FakeAuthSessionPresenter() as any,
new FakeCommandResultPresenter() as any,
forgotPasswordPresenter as any,
new FakeResetPasswordPresenter() as any,
new FakeDemoLoginPresenter() as any,
);
const result = await service.forgotPassword({ email: 'test@example.com' });
expect(forgotPasswordUseCase.execute).toHaveBeenCalledWith({ email: 'test@example.com' });
expect(result).toEqual({
message: 'Reset link sent',
magicLink: 'http://example.com/reset?token=abc123',
});
});
it('should throw error on use case failure', async () => {
const service = new AuthService(
{ debug: vi.fn(), info: vi.fn(), warn: vi.fn(), error: vi.fn() } as any,
{ getCurrentSession: vi.fn(), createSession: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn(async () => Result.err({ code: 'RATE_LIMIT_EXCEEDED', details: { message: 'Too many attempts' } })) } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
new FakeAuthSessionPresenter() as any,
new FakeCommandResultPresenter() as any,
new FakeForgotPasswordPresenter() as any,
new FakeResetPasswordPresenter() as any,
new FakeDemoLoginPresenter() as any,
);
await expect(service.forgotPassword({ email: 'test@example.com' })).rejects.toThrow('Too many attempts');
});
});
describe('resetPassword', () => {
it('should execute reset password use case and return result', async () => {
const resetPasswordPresenter = new FakeResetPasswordPresenter();
const resetPasswordUseCase = {
execute: vi.fn(async () => {
resetPasswordPresenter.present({ message: 'Password reset successfully' });
return Result.ok(undefined);
}),
};
const service = new AuthService(
{ debug: vi.fn(), info: vi.fn(), warn: vi.fn(), error: vi.fn() } as any,
{ getCurrentSession: vi.fn(), createSession: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
resetPasswordUseCase as any,
{ execute: vi.fn() } as any,
new FakeAuthSessionPresenter() as any,
new FakeCommandResultPresenter() as any,
new FakeForgotPasswordPresenter() as any,
resetPasswordPresenter as any,
new FakeDemoLoginPresenter() as any,
);
const result = await service.resetPassword({
token: 'abc123',
newPassword: 'NewPass123!',
});
expect(resetPasswordUseCase.execute).toHaveBeenCalledWith({
token: 'abc123',
newPassword: 'NewPass123!',
});
expect(result).toEqual({ message: 'Password reset successfully' });
});
it('should throw error on use case failure', async () => {
const service = new AuthService(
{ debug: vi.fn(), info: vi.fn(), warn: vi.fn(), error: vi.fn() } as any,
{ getCurrentSession: vi.fn(), createSession: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn(async () => Result.err({ code: 'INVALID_TOKEN', details: { message: 'Invalid token' } })) } as any,
{ execute: vi.fn() } as any,
new FakeAuthSessionPresenter() as any,
new FakeCommandResultPresenter() as any,
new FakeForgotPasswordPresenter() as any,
new FakeResetPasswordPresenter() as any,
new FakeDemoLoginPresenter() as any,
);
await expect(
service.resetPassword({ token: 'invalid', newPassword: 'NewPass123!' })
).rejects.toThrow('Invalid token');
});
});
describe('demoLogin', () => {
it('should execute demo login use case and create session', async () => {
const demoLoginPresenter = new FakeDemoLoginPresenter();
const mockUser = {
getId: () => ({ value: 'demo-user-123' }),
getDisplayName: () => 'Demo Driver',
getEmail: () => 'demo.driver@example.com',
};
const demoLoginUseCase = {
execute: vi.fn(async () => {
demoLoginPresenter.present({ user: mockUser });
return Result.ok(undefined);
}),
};
const identitySessionPort = {
getCurrentSession: vi.fn(),
createSession: vi.fn(async () => ({ token: 'demo-token-123' })),
};
const service = new AuthService(
{ debug: vi.fn(), info: vi.fn(), warn: vi.fn(), error: vi.fn() } as any,
identitySessionPort as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
demoLoginUseCase as any,
new FakeAuthSessionPresenter() as any,
new FakeCommandResultPresenter() as any,
new FakeForgotPasswordPresenter() as any,
new FakeResetPasswordPresenter() as any,
demoLoginPresenter as any,
);
const result = await service.demoLogin({ role: 'driver' });
expect(demoLoginUseCase.execute).toHaveBeenCalledWith({ role: 'driver' });
expect(identitySessionPort.createSession).toHaveBeenCalledWith({
id: 'demo-user-123',
displayName: 'Demo Driver',
email: 'demo.driver@example.com',
});
expect(result).toEqual({
token: 'demo-token-123',
user: {
userId: 'demo-user-123',
email: 'demo.driver@example.com',
displayName: 'Demo Driver',
},
});
});
it('should throw error on use case failure', async () => {
const service = new AuthService(
{ debug: vi.fn(), info: vi.fn(), warn: vi.fn(), error: vi.fn() } as any,
{ getCurrentSession: vi.fn(), createSession: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn(async () => Result.err({ code: 'DEMO_NOT_ALLOWED', details: { message: 'Demo not allowed' } })) } as any,
new FakeAuthSessionPresenter() as any,
new FakeCommandResultPresenter() as any,
new FakeForgotPasswordPresenter() as any,
new FakeResetPasswordPresenter() as any,
new FakeDemoLoginPresenter() as any,
);
await expect(service.demoLogin({ role: 'driver' })).rejects.toThrow('Demo not allowed');
});
});
});

54
apps/api/src/domain/auth/AuthService.test.ts
View File

@@ -38,8 +38,14 @@ describe('AuthService', () => {
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
new FakeAuthSessionPresenter() as any,
new FakeCommandResultPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
);
await expect(service.getCurrentSession()).resolves.toBeNull();
@@ -58,8 +64,14 @@ describe('AuthService', () => {
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
new FakeAuthSessionPresenter() as any,
new FakeCommandResultPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
);
await expect(service.getCurrentSession()).resolves.toEqual({
@@ -88,8 +100,14 @@ describe('AuthService', () => {
{ execute: vi.fn() } as any,
signupUseCase as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
authSessionPresenter as any,
new FakeCommandResultPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
);
const session = await service.signupWithEmail({
@@ -118,8 +136,14 @@ describe('AuthService', () => {
{ execute: vi.fn() } as any,
{ execute: vi.fn(async () => Result.err({ code: 'REPOSITORY_ERROR' } as any)) } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
new FakeAuthSessionPresenter() as any,
new FakeCommandResultPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
);
await expect(
@@ -147,8 +171,14 @@ describe('AuthService', () => {
loginUseCase as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
authSessionPresenter as any,
new FakeCommandResultPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
);
await expect(service.loginWithEmail({ email: 'e3', password: 'p3' } as any)).resolves.toEqual({
@@ -171,8 +201,14 @@ describe('AuthService', () => {
{ execute: vi.fn(async () => Result.err({ code: 'INVALID_CREDENTIALS', details: { message: 'Bad login' } })) } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
new FakeAuthSessionPresenter() as any,
new FakeCommandResultPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
);
await expect(service.loginWithEmail({ email: 'e', password: 'p' } as any)).rejects.toThrow('Bad login');
@@ -185,8 +221,14 @@ describe('AuthService', () => {
{ execute: vi.fn(async () => Result.err({ code: 'INVALID_CREDENTIALS' } as any)) } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
new FakeAuthSessionPresenter() as any,
new FakeCommandResultPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
);
await expect(service.loginWithEmail({ email: 'e', password: 'p' } as any)).rejects.toThrow('Login failed');
@@ -207,8 +249,14 @@ describe('AuthService', () => {
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
logoutUseCase as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
new FakeAuthSessionPresenter() as any,
commandResultPresenter as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
);
await expect(service.logout()).resolves.toEqual({ success: true });
@@ -221,8 +269,14 @@ describe('AuthService', () => {
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn(async () => Result.err({ code: 'REPOSITORY_ERROR' } as any)) } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
{ execute: vi.fn() } as any,
new FakeAuthSessionPresenter() as any,
new FakeCommandResultPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
new FakeAuthSessionPresenter() as any,
);
await expect(service.logout()).rejects.toThrow('Logout failed');

125
apps/api/src/domain/auth/AuthService.ts
View File

@@ -13,23 +13,47 @@ import {
type SignupApplicationError,
type SignupInput,
} from '@core/identity/application/use-cases/SignupUseCase';
import {
ForgotPasswordUseCase,
type ForgotPasswordApplicationError,
type ForgotPasswordInput,
} from '@core/identity/application/use-cases/ForgotPasswordUseCase';
import {
ResetPasswordUseCase,
type ResetPasswordApplicationError,
type ResetPasswordInput,
} from '@core/identity/application/use-cases/ResetPasswordUseCase';
import {
DemoLoginUseCase,
type DemoLoginApplicationError,
type DemoLoginInput,
} from '../../development/use-cases/DemoLoginUseCase';
import type { IdentitySessionPort } from '@core/identity/application/ports/IdentitySessionPort';
import {
AUTH_SESSION_OUTPUT_PORT_TOKEN,
COMMAND_RESULT_OUTPUT_PORT_TOKEN,
FORGOT_PASSWORD_OUTPUT_PORT_TOKEN,
RESET_PASSWORD_OUTPUT_PORT_TOKEN,
DEMO_LOGIN_OUTPUT_PORT_TOKEN,
IDENTITY_SESSION_PORT_TOKEN,
LOGGER_TOKEN,
LOGIN_USE_CASE_TOKEN,
LOGOUT_USE_CASE_TOKEN,
SIGNUP_USE_CASE_TOKEN,
FORGOT_PASSWORD_USE_CASE_TOKEN,
RESET_PASSWORD_USE_CASE_TOKEN,
DEMO_LOGIN_USE_CASE_TOKEN,
} from './AuthProviders';
import type { AuthSessionDTO } from './dtos/AuthDto';
import type { AuthSessionDTO, AuthenticatedUserDTO } from './dtos/AuthDto';
import { LoginParamsDTO, SignupParamsDTO } from './dtos/AuthDto';
import { AuthSessionPresenter } from './presenters/AuthSessionPresenter';
import type { CommandResultDTO } from './presenters/CommandResultPresenter';
import { CommandResultPresenter } from './presenters/CommandResultPresenter';
import { ForgotPasswordPresenter } from './presenters/ForgotPasswordPresenter';
import { ResetPasswordPresenter } from './presenters/ResetPasswordPresenter';
import { DemoLoginPresenter } from './presenters/DemoLoginPresenter';
function mapApplicationErrorToMessage(error: { details?: { message?: string } } | undefined, fallback: string): string {
return error?.details?.message ?? fallback;
@@ -43,11 +67,20 @@ export class AuthService {
@Inject(LOGIN_USE_CASE_TOKEN) private readonly loginUseCase: LoginUseCase,
@Inject(SIGNUP_USE_CASE_TOKEN) private readonly signupUseCase: SignupUseCase,
@Inject(LOGOUT_USE_CASE_TOKEN) private readonly logoutUseCase: LogoutUseCase,
@Inject(FORGOT_PASSWORD_USE_CASE_TOKEN) private readonly forgotPasswordUseCase: ForgotPasswordUseCase,
@Inject(RESET_PASSWORD_USE_CASE_TOKEN) private readonly resetPasswordUseCase: ResetPasswordUseCase,
@Inject(DEMO_LOGIN_USE_CASE_TOKEN) private readonly demoLoginUseCase: DemoLoginUseCase,
// TODO presenters must not be injected
@Inject(AUTH_SESSION_OUTPUT_PORT_TOKEN)
private readonly authSessionPresenter: AuthSessionPresenter,
@Inject(COMMAND_RESULT_OUTPUT_PORT_TOKEN)
private readonly commandResultPresenter: CommandResultPresenter,
@Inject(FORGOT_PASSWORD_OUTPUT_PORT_TOKEN)
private readonly forgotPasswordPresenter: ForgotPasswordPresenter,
@Inject(RESET_PASSWORD_OUTPUT_PORT_TOKEN)
private readonly resetPasswordPresenter: ResetPasswordPresenter,
@Inject(DEMO_LOGIN_OUTPUT_PORT_TOKEN)
private readonly demoLoginPresenter: DemoLoginPresenter,
) {}
async getCurrentSession(): Promise<AuthSessionDTO | null> {
@@ -189,4 +222,94 @@ export class AuthService {
},
};
}
async forgotPassword(params: { email: string }): Promise<{ message: string; magicLink?: string }> {
this.logger.debug(`[AuthService] Attempting forgot password for email: ${params.email}`);
this.forgotPasswordPresenter.reset();
const input: ForgotPasswordInput = {
email: params.email,
};
const executeResult = await this.forgotPasswordUseCase.execute(input);
if (executeResult.isErr()) {
const error = executeResult.unwrapErr() as ForgotPasswordApplicationError;
throw new Error(mapApplicationErrorToMessage(error, 'Forgot password failed'));
}
const response = this.forgotPasswordPresenter.responseModel;
const result: { message: string; magicLink?: string } = {
message: response.message,
};
if (response.magicLink) {
result.magicLink = response.magicLink;
}
return result;
}
async resetPassword(params: { token: string; newPassword: string }): Promise<{ message: string }> {
this.logger.debug('[AuthService] Attempting reset password');
this.resetPasswordPresenter.reset();
const input: ResetPasswordInput = {
token: params.token,
newPassword: params.newPassword,
};
const result = await this.resetPasswordUseCase.execute(input);
if (result.isErr()) {
const error = result.unwrapErr() as ResetPasswordApplicationError;
throw new Error(mapApplicationErrorToMessage(error, 'Reset password failed'));
}
return this.resetPasswordPresenter.responseModel;
}
async demoLogin(params: { role: 'driver' | 'sponsor' | 'league-owner' | 'league-steward' | 'league-admin' | 'system-owner' | 'super-admin' }): Promise<AuthSessionDTO> {
this.logger.debug(`[AuthService] Attempting demo login for role: ${params.role}`);
this.demoLoginPresenter.reset();
const input: DemoLoginInput = {
role: params.role,
};
const result = await this.demoLoginUseCase.execute(input);
if (result.isErr()) {
const error = result.unwrapErr() as DemoLoginApplicationError;
throw new Error(mapApplicationErrorToMessage(error, 'Demo login failed'));
}
const user = this.demoLoginPresenter.responseModel.user;
const primaryDriverId = user.getPrimaryDriverId();
// Use primaryDriverId for session if available, otherwise fall back to userId
const sessionId = primaryDriverId ?? user.getId().value;
const session = await this.identitySessionPort.createSession({
id: sessionId,
displayName: user.getDisplayName(),
email: user.getEmail() ?? '',
});
const userDTO: AuthenticatedUserDTO = {
userId: user.getId().value,
email: user.getEmail() ?? '',
displayName: user.getDisplayName(),
};
if (primaryDriverId !== undefined) {
userDTO.primaryDriverId = primaryDriverId;
}
return {
token: session.token,
user: userDTO,
};
}
}

18
apps/api/src/domain/auth/ProductionGuard.ts Normal file
View File

@@ -0,0 +1,18 @@
import { CanActivate, ExecutionContext, Injectable, ForbiddenException } from '@nestjs/common';
@Injectable()
export class ProductionGuard implements CanActivate {
async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest();
const path = request.path;
// Block demo login in production
if (path === '/auth/demo-login' || path === '/api/auth/demo-login') {
if (process.env.NODE_ENV === 'production') {
throw new ForbiddenException('Demo login is not available in production');
}
}
return true;
}
}

29
apps/api/src/domain/auth/dtos/AuthDto.ts
View File

@@ -1,4 +1,5 @@
import { ApiProperty } from '@nestjs/swagger';
import { IsEmail, IsString, MinLength, IsIn } from 'class-validator';
export class AuthenticatedUserDTO {
@ApiProperty()
@@ -7,6 +8,10 @@ export class AuthenticatedUserDTO {
email!: string;
@ApiProperty()
displayName!: string;
@ApiProperty({ required: false })
primaryDriverId?: string;
@ApiProperty({ required: false, nullable: true })
avatarUrl?: string | null;
}
export class AuthSessionDTO {
@@ -53,3 +58,27 @@ export class LoginWithIracingCallbackParamsDTO {
@ApiProperty({ required: false })
returnTo?: string;
}
export class ForgotPasswordDTO {
@ApiProperty()
@IsEmail()
email!: string;
}
export class ResetPasswordDTO {
@ApiProperty()
@IsString()
token!: string;
@ApiProperty()
@IsString()
@MinLength(8)
newPassword!: string;
}
export class DemoLoginDTO {
@ApiProperty({ enum: ['driver', 'sponsor', 'league-owner', 'league-steward', 'league-admin', 'system-owner', 'super-admin'] })
@IsString()
@IsIn(['driver', 'sponsor', 'league-owner', 'league-steward', 'league-admin', 'system-owner', 'super-admin'])
role!: 'driver' | 'sponsor' | 'league-owner' | 'league-steward' | 'league-admin' | 'system-owner' | 'super-admin';
}

4
apps/api/src/domain/auth/presenters/AuthSessionPresenter.ts
View File

@@ -13,10 +13,14 @@ export class AuthSessionPresenter implements UseCaseOutputPort<AuthSessionResult
}
present(result: AuthSessionResult): void {
const primaryDriverId = result.user.getPrimaryDriverId();
const avatarUrl = result.user.getAvatarUrl();
this.model = {
userId: result.user.getId().value,
email: result.user.getEmail() ?? '',
displayName: result.user.getDisplayName() ?? '',
...(primaryDriverId !== undefined ? { primaryDriverId } : {}),
...(avatarUrl !== undefined ? { avatarUrl } : {}),
};
}

23
apps/api/src/domain/auth/presenters/DemoLoginPresenter.ts Normal file
View File

@@ -0,0 +1,23 @@
import { Injectable } from '@nestjs/common';
import { UseCaseOutputPort } from '@core/shared/application';
import { DemoLoginResult } from '../../../development/use-cases/DemoLoginUseCase';
@Injectable()
export class DemoLoginPresenter implements UseCaseOutputPort<DemoLoginResult> {
private _responseModel: DemoLoginResult | null = null;
present(result: DemoLoginResult): void {
this._responseModel = result;
}
get responseModel(): DemoLoginResult {
if (!this._responseModel) {
throw new Error('DemoLoginPresenter: No response model available');
}
return this._responseModel;
}
reset(): void {
this._responseModel = null;
}
}

23
apps/api/src/domain/auth/presenters/ForgotPasswordPresenter.ts Normal file
View File

@@ -0,0 +1,23 @@
import { Injectable } from '@nestjs/common';
import { UseCaseOutputPort } from '@core/shared/application';
import { ForgotPasswordResult } from '@core/identity/application/use-cases/ForgotPasswordUseCase';
@Injectable()
export class ForgotPasswordPresenter implements UseCaseOutputPort<ForgotPasswordResult> {
private _responseModel: ForgotPasswordResult | null = null;
present(result: ForgotPasswordResult): void {
this._responseModel = result;
}
get responseModel(): ForgotPasswordResult {
if (!this._responseModel) {
throw new Error('ForgotPasswordPresenter: No response model available');
}
return this._responseModel;
}
reset(): void {
this._responseModel = null;
}
}

23
apps/api/src/domain/auth/presenters/ResetPasswordPresenter.ts Normal file
View File

@@ -0,0 +1,23 @@
import { Injectable } from '@nestjs/common';
import { UseCaseOutputPort } from '@core/shared/application';
import { ResetPasswordResult } from '@core/identity/application/use-cases/ResetPasswordUseCase';
@Injectable()
export class ResetPasswordPresenter implements UseCaseOutputPort<ResetPasswordResult> {
private _responseModel: ResetPasswordResult | null = null;
present(result: ResetPasswordResult): void {
this._responseModel = result;
}
get responseModel(): ResetPasswordResult {
if (!this._responseModel) {
throw new Error('ResetPasswordPresenter: No response model available');
}
return this._responseModel;
}
reset(): void {
this._responseModel = null;
}
}